Im trying to convince by boss that the server we are using is some what safe from being attacked. Here is how its setup would let me know what you all think? Running windows 2000,file server only,connected to a hub,using a cisco router,i have all the internet info services turned off,guest accounts disabled,renamed admin account,only admin account has access to all files on server and useing the 3 strike log in. The reason Im asking this is that Im trying to get him to start using the accounting software on the server but he's worried about getting hacked. I did have a software firewall set up but was told I didnt really need it since we werent useing it as a web server.Thanks
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
security question 1
- Thread starter darrenrd
- Start date
-
1
- #2
brontosaurus
MIS
Are you exposed to the internet? Get that firewall back on.
End of story.
End of story.
If he is afraid of internal hacking, stop people you dont want to access the server either locally or through the network, stop every service your not using, use backups, auditing (if necesary), policies, etc.IF your going o the web, then use the firewall, and also you can set access lists in the router if have acces to it. A+, MCP, CCNA
marbinpr@hotmail.com
Keep fighting for your knowledge!
marbinpr@hotmail.com
Keep fighting for your knowledge!
The best advise I can give are:
1. Have a firebox as brontosaurus suggested. Close all the ports. Open only the ports you need. Determine what is the need before openning a port and allowing the traffic (inbound/outbound).
2. Disable all the services, only enable the services you need. Do not rely on the default setting by the vendor.
I am not sure it is a good idea to have the accounting package installed on the same box. I would make it only accessible in LAN and have some kinda insulation from internet at least.
It's not about whether you can do it or not, it's about HOW
OK, Let's Do It !!!![[pipe]](/data/assets/smilies/pipe.gif "[pipe] [pipe]")
jliu@Cipk.com
1. Have a firebox as brontosaurus suggested. Close all the ports. Open only the ports you need. Determine what is the need before openning a port and allowing the traffic (inbound/outbound).
2. Disable all the services, only enable the services you need. Do not rely on the default setting by the vendor.
I am not sure it is a good idea to have the accounting package installed on the same box. I would make it only accessible in LAN and have some kinda insulation from internet at least.
It's not about whether you can do it or not, it's about HOW
OK, Let's Do It !!!
jliu@Cipk.com
- Thread starter
- #5
- Status
Similar threads
- Locked
- Question